<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19154"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT size=2 face=Verdana><FONT size=3 face="Times New Roman"> </FONT>
<DIV class=print-site_name>Published on <EM>InfoWorld</EM> (<A
title="http://www.infoworld.com/
CTRL + Click to follow link"
href="http://www.infoworld.com/">http://www.infoworld.com</A>)</DIV>
<P></P>
<HR class=print-hr>
<H1 class=print-title>Carrier IQ: The Sony rootkit all over again</H1>
<DIV class=print-submitted>By Robert X. Cringely</DIV>
<DIV class=print-created>Created <EM>2011-11-30 09:21AM</EM></DIV>
<P></P>
<DIV style="FLOAT: right; MARGIN-LEFT: 10px">
<DIV class="imu module">
<DIV class=imuCover></DIV></DIV></DIV>
<DIV class=print-content>
<P>It turns out your phone may be spying on you even more than you thought.</P>
<P>Android developer Trevor Eckhart was tooling around with his HTC smartphone a
few weeks ago when he discovered an unfamiliar app on it from a company called
Carrier IQ.</P>
<P><STRONG>[ Want to cash in on your IT experiences? InfoWorld is looking for
stories of an amazing or amusing IT adventure, lesson learned, or tales from the
trenches. Send your story to <A title=mailto:offtherecord@infoworld.com
href="mailto:offtherecord@infoworld.com">offtherecord@infoworld.com</A> <SPAN
class=print-footnote>[1]</SPAN>. If we publish it, we'll keep you anonymous and
send you a $50 American Express gift cheque. ]</STRONG></P>
<P>That bit of code appeared to be capturing everything his phone did -- all
numbers dialed, text entered, websites visited, buttons pressed, and so on, even
while he was only using Wi-Fi -- and phoning home with that data.</P>
<P>The software was running in secret, not listed among his other running
Android apps, and Eckhart could not force it to quit. In short, it was acting
just like a rootkit used to hide malware.</P>
<P>So Eckhart <A
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"
target=_blank>posted his findings on his Android Security Test blog</A> <SPAN
class=print-footnote>[2]</SPAN>, along with training manuals he found on Carrier
IQ's own site that explained how the software works, and called the Carrier IQ
app a "rootkit."</P>
<P>Carrier IQ reacted to Eckhart's post by trying to squelch it. Its <A
href="https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf"
target=_blank>attorneys issued a nastygram to Eckhart</A> <SPAN
class=print-footnote>[3]</SPAN>, demanding that he take down the manuals (that
CIQ had already made public) and threatening to sue him for $150,000 in damages,
the maximum the law allows for a single copyright violation.</P>
<P>Carrier IQ also demanded Eckhart provide them with the names of everyone to
whom he's provided the manuals (that CIQ had already made public), as well as
personally retract the characterization of its software as a "rootkit."</P>
<P>Eckhart told CIQ to take a long walk off a short pier, more or less, and <A
href="https://www.eff.org/sites/default/files/eckhart_c%26d_response.pdf"
target=_blank>enlisted the Electronic Frontier Foundation</A> <SPAN
class=print-footnote>[4]</SPAN> to defend him.</P>
<P>Wired's Threat Level blog has a fascinating series on the battle between
Carrier IQ and Eckhart, including <A
href="http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/"
target=_blank>a longish video on how the CIQ software works</A> <SPAN
class=print-footnote>[5]</SPAN>. Carrier IQ marketing manager Andrew Coward (no,
I'm not making that up), told Wired that the software is used for:</P>
<BLOCKQUOTE>
<P>...gathering information off the handset to understand the mobile-user
experience, where phone calls are dropped, where signal quality is poor, why
applications crash and battery life.</P>
<P>We're not looking at texts. We're counting things. How many texts did you
send and how many failed. That's the level of metrics that are being
gathered.</P></BLOCKQUOTE>
<P>Coward answered "probably yes" when asked whether the company could read the
text messages if it wanted.</P>
<P>Who uses Carrier IQ's software? Everybody. According to the company's own
site, it's <A href="http://www.carrieriq.com/" target=_blank>installed on nearly
142 million handsets</A> <SPAN class=print-footnote>[6]</SPAN>.</P>
<P>Following the brouhaha, Carrier IQ decided it was better to switch than
fight. CEO Larry Lenhart offered Eckhart a personal apology (there seems to be
<A
href="https://www.facebook.com/notes/governor-sam-brownback/governor-brownback-makes-statement-regarding-student-tweet/264960023553569"
target=_blank>a lot of that going around</A> <SPAN
class=print-footnote>[7]</SPAN> these days) and withdrew the company's legal
complaints. The company also <A
href="http://www.carrieriq.com/company/PR.EckhartStatement.pdf"
target=_blank>issued a statement</A> <SPAN class=print-footnote>[8]</SPAN>
detailing all the things its software does not do -- record keystrokes, emails,
or real-time data -- though Eckhart's video suggests otherwise.</P>
<P>Per <A
href="https://www.eff.org/sites/default/files/Marcia%20Hoffman%20Fax%2011.23.11.pdf"
target=_blank>the letter</A> <SPAN class=print-footnote>[9]</SPAN>:</P>
<BLOCKQUOTE>
<P>We are deeply sorry for any concern or trouble that our letter may have
caused Mr. Eckhart, and in retrospect we realize that we would have been
better served by reaching out to Mr. Eckhart to establish a dialogue in the
first instance....</P>
<P>In addition, we would welcome the opportunity to start a discussion with
you about these issues that we believe will be helpful to us, to our customers
and to consumers that use mobile devices.</P></BLOCKQUOTE>
<P>It turns out Carrier IQ's human IQ is higher than it first appeared.</P>
<P>Personally, I don't think CIQ set out to do anything other than measure
carrier and handset performance. But using a piece of software that acts like a
piece of malware is entirely the wrong way to go about that. Did they learn
nothing from the Sony rootkit debacle of 2005? Hello?</P>
<P>CIQ's attempt to use a ridiculous legal threat to suppress this information
is equally troubling. Then there are all these unanswered questions: What data
does it actually capture? What data does it have the potential to capture, if
the company wanted to? How is the data stored? Is it tied to unique user
identities? How long does the company keep the data? Who else has access to
it?</P>
<P>The issues are huge and the potential for abuse is enormous. How does CIQ
mitigate all of this?</P>
<P>The apology was a decent start. Now it's time for some answers.</P>
<P><EM>Do you have a spy in your pocket? Share your fears below or email me: <A
href="mailto:cringe@infoworld.com">cringe@infoworld.com</A> <SPAN
class=print-footnote>[10]</SPAN>.</EM></P>
<P><EM>This article, "<A
title="http://www.infoworld.com/t/cringely/carrier-iq-spying-your-cellphone-180425?source=footer
CTRL + Click to follow link"
href="http://www.infoworld.com/t/cringely/carrier-iq-spying-your-cellphone-180425?source=footer">Is
Carrier IQ spying on your cellphone?</A> <SPAN
class=print-footnote>[11]</SPAN>," was originally published at <A
title="http://www.infoworld.com/?source=footer
CTRL + Click to follow link"
href="http://www.infoworld.com/?source=footer">InfoWorld.com</A> <SPAN
class=print-footnote>[12]</SPAN>. </EM>
<HR class=print-hr>
<P></P></DIV>
<DIV class=print-source_url><STRONG>Source URL (retrieved on <EM>2011-11-30
01:02PM</EM>):</STRONG> <A
title="http://www.infoworld.com/t/cringely/carrier-iq-spying-your-cellphone-180425
CTRL + Click to follow link"
href="http://www.infoworld.com/t/cringely/carrier-iq-spying-your-cellphone-180425">http://www.infoworld.com/t/cringely/carrier-iq-spying-your-cellphone-180425</A></DIV>
<DIV class=print-links></FONT><FONT size=2
face=Verdana>____________________</FONT></DIV></DIV>
<DIV><FONT size=2 face=Verdana>Wayne A. Fox<BR><A
href="mailto:wayne.a.fox@gmail.com">wayne.a.fox@gmail.com</A><BR></FONT></DIV></BODY></HTML>